Counter Terror

19th April 2016

Prof. Charles Curry BEng, CEng, MITP, FIET Chronos Technology Ltd

When Will Terrorists Start Spoofing GPS?

Black Swan Events

Surprise to the observer

Significant impact

With hindsight – could have been predicted

Nassim Nicholas Taleb 2007 “The Black Swan”

Presentation Contents

Background Research

What is Spoofing?

Spoofing & Jamming – Who and Why?

Where to buy your Jammers & Spoofers

Recent “Events”

UK Research since 2008

Latest Testing Sennybridge 2015

22/04/2016 ©Chronos Technology: COMPANY PROPRIETARY

5

UK Mod Range in Brecon Beacons

Distance Testing of 3W Jammer

Detection of Jammers in Container

Photographing a Passing Jammer

Detection of 3W Jammer

22/04/2016 ©Chronos Technology: COMPANY PROPRIETARY

6

Approx 6Km

What is Spoofing?

“A GPS spoofing attack attempts to deceive a GPS receiver by broadcasting counterfeit GPS signals” – Wikipedia 2016

Spoof Position

Spoof Time

Academic Research topic – Dr Todd Humphreys – https://www.ted.com/talks/todd_humphreys_how_to_fool_a_gps?language=en

…until 2015….

22/04/2016 ©Chronos Technology: COMPANY PROPRIETARY 7

Hardware: HackRF (£200), bladeRF (£400) - both crowd funded; Ettus Research USRP B210 (£800)

Spoofing: how hard could it be?

8 Slide courtesy of Dr Robert Watson – University of Bath Electronics Dept

Nuand bladeRF 28MHz, 12-bit, USB3

Ettus Research B210 61MHz, 12-bit, USB3

All of these devices can tune to any one of the GNSS frequencies

HackRF One 20MHz, 8-bit, USB2 Entirely open source

What Happened in 2015?

22/04/2016 ©Chronos Technology: COMPANY PROPRIETARY 9

A Beginners Guide to low cost Spoofing!

https://www.youtube.com/watch?v=jwJKMti_aw0

Spoofing & Jamming - Who and Why?

Privacy & Covert Operations – Mainly Jamming – Personal Aggravation Disruption

– Personal Privacy

– Criminal Privacy

– Organised Crime Gangs (OCG)

Cyber Security – Service Denial – Jamming & Spoofing – Cyber Crime

– Civil Disruption/Terrorism

– Nation State

Personal Aggravation Disruption

11

Multi band jammers jam GPS as well as mobile phones

GPS: 1500-1600 MHz CDMA: 850-894MHz DCS: 1805-1880MHz GSM: 925-960MHz PHS: 1900-1930MHz CDMA1900: 1930-1980MHz WiFi: 2400-2500MHz

Personal Privacy – Case Study

Three Switch

GPS based fleet tracking technology used here

Resilient Timing System using Rb/OCXO holdover not impacted

by jamming

Criminal Privacy

Recent arrest apprehended a de-tagged criminal who was a passenger

in a van. The driver was using a cigarette

lighter style jammer. Concerned about covert tracking

technology.

Organised Crime

http://www.bbc.co.uk/programmes/p014f7jk https://www.youtube.com/watch?v=I8fe3nNUmBg

Photos courtesy of NaVCIS & Hampshire

Scene of Crime Photos

Photo courtesy of Hampshire Police Photo courtesy of AVCIS

Cigarette Lighter style Jammer hot

wired to car battery

Civil Disruption/Terrorism -1

25m off ground near City Airport

Purple – Total Denial of

Service

Red – Major Errors and Unable to get Fix

Yellow – Large Errors, possible loss of lock

Civil Disruption/Terrorism - 2

Nation State - 1

Prof. Jiwon Seo -Yonsei University, South Korea Resilient PNT Forum II, Dana Point, California - January 26, 2015

http://rntfnd.org/2015/02/01/resilient-pnt-forum-ii-presentations/

Nation State - 2

“North Korea is using radio waves to jam GPS navigation systems near the border regions, South Korean officials said.”

Impact of similar Jammer on London

100 Watt Jammer Shard – Floor 72

Simulation courtesy Mike Jones

– Roke Manor Research

22/04/2016 ©Chronos Technology: COMPANY PROPRIETARY 20

Where to buy Jammers

Over 50 active Chinese Web Sites

Power ~ 100mW to 50W!

3W 500mW

250mW

Buying a 3W Jammer

UK Law

Not illegal to possess – However - No legal reason for use!

Offence under Wireless Telegraphy Act 2006 – Causing Deliberate Interference

– Maximum 2 years in prison - Unlimited Fine

Offence under EMC Directive EC89/336 – Electromagnetic compatibility Regs SI 2006/3418

– Supplying Jammers – Fine of up to £5000

Google ‘Ofcom Jammers’ for more info

23

London Events/Month >30 Seconds

22/04/2016 ©Chronos Technology: COMPANY PROPRIETARY 24

100

150

Near London Stock Exchange

April 2015 to Now

Conclusion

Are we ready for a GPS based Black Swan?

Terrorists – Do they know about GPS Jammers? – Criminals do! – OCGs use Jammers – Generally More Powerful

Did you know about Jammers? Learn with the SENTINEL Report

– http://www.chronos.co.uk/files/pdfs/gps/SENTINEL_Project_Report.pdf

25

www.chronos.co.uk

www.gpsworld.biz

www.taviga.com

charles.curry@chronos.co.uk

Thankyou